Romania is the 3rd when it comes to the number of infringement of data security notified to the national authorities responsible with the application of general European regulations regarding protection of data (GDPR), emphasizes a study conducted by Deloitte Legal Network in Romania, Bulgaria, Croatia, Czech Republic, Hungary, Lithuania, Poland and Slovakia.
According to the research, most of the investigations and fines related to the infringement of GDPR provisions were reported at the companies from the regulated industries, which have direct contact with the clients and who process great volumes of personal data.
After the first year after the regulation regarding data protection came into force, until the 31st of May 2019, the 8 countries, which have been the object of study communicated 34 fines imposed for different infringements of GDPR, the total value of these being an approximate of 750 000 euro.
The biggest fine recorded in Central and Eastern Europe, with a quantum of an approximate of 230,000 euro was applied in Poland to a company which had as object of activity based on the processing of data obtained from public sources and using them in commercial purposes. The point of view targeted by the Polish authority in this case is the insurance of the transparency regarding the persons targeted and the value of the fine places Poland in the top of the greatest three fines imposed in Europe.
In the same context, the greatest number of fines were reported in Bulgaria (13) followed by Hungary (10) Czech Republic (8), Poland (2) and Lithuania.(1).
In Romania until the end of May, this year, the surveillance authority regarding data protection preformed 981 investigations after which it imposed 57 corrective measures and 23 warnings, the majority of investigations being in course of investigation.
“ In Romania the first fine was recently applied regarding the application of GDPR of an approximate of 130 000 Euro, to a financial institution. We assist at numerous and diverse investigations in the whole Europe after which new sanctions are applied in almost every week in a lot of jurisdictions. The greatest of them all is the 50 million euro fine imposed on Google France” says Georgiana Singurel, partner at Reff & Asociatii, the society of lawyers member of the Deloitte Legal network.
At the the chapter of the infringement of data security noticed to the national authorities, on the first position ranks Poland with an approximate of 2000 notifications. The hierarchy continues with the Czech Republic (626), Romania (398), Hungary (380), Lithuania (93) and Bulgaria (33).
“Besides the industries most affected by GDPR, namely telecommunications and financial services, other domains, in which investigations were made regarding application of GDPR are the public section, media, technology (in particular mobile applications), medical and postal services. The activities of national authorities of data protection focused on the verification of the respecting of principles of processing personal data, in particular the reducing to the minimum of data (data minimization), the limiting of data with the purpose of processing (purpose limitation) and the limiting related to storage (data retention). Other aspects targeted by the authorities in the countries in the studied process are related to the respecting of the rights of persons, installation of video surveillance systems, direct marketing, profiling and cookies” the creators of the study emphasize.
The study made by Deloitte Legal was conducted for the period from the starting of the regulation, 25th of May 2018 until the 31st of May 2019 in 8 European countries: Romania, Bulgaria, Croatia, Czech Republic, Hungary, Lithuania, Poland and Slovakia.
Deloitte provides on a global level audit services, consulting and legal services, financial consulting and risk management, fiscal consulting services and other services adjacent for the clients in the public and private section coming from varied industries.
Featured photo: CCO Creative Commons